Arctic Wolf Labs uncovered a sophisticated cyber campaign in which threat actors collaborated, blending cybercrime with espionage to target a U.S. engineering firm. The campaign involved deploying RomCom payloads via SocGholish, highlighting a dangerous evolution in offensive cyber operations. #SocGholish #RomCom
Key points
- Threat actor TA569 used SocGholish as a delivery method for RomCom payloads in a targeted espionage campaign.
- The attack began with a fake browser update on a compromised website before pivoting to espionage activities.
- Arctic Wolf assesses with medium-to-high confidence that Russia's GRU unit 29155 is involved in using SocGholish for targeting.
- The campaign involved a disciplined infection chain with domain verification, deploying tools like Mythic Agent and VIPERTUNNEL.
- The targeting was deliberate, focusing on entities with ties to Ukraine, aligning with RomCom's strategic goals.
Read More: https://securityonline.info/gru-unit-29155-uses-socgholish-to-target-us-firm/